Of the people questioned who knew and were trusted by the 130 test subjects, 28 per cent were able to guess the correct answers. Worse yet, even people completely unknown to the test subjects still had a 17 per cent chance of guessing the "secret" answers.

Microsoft researcher Stuart Schechter, one of the authors of the study, says frankly that the technique is not as secure as they would expect of a backup authentication system. A further defect is that this approach isn't reliable enough to ensure that users actually do recover their passwords: they've often simply forgotten the answers.